Technical Summary
This spec describes an extension to the HTTP protocol allowing web
host operators to instruct user agents to remember ("pin") the hosts'
cryptographic identities for a given period of time. During that
time, UAs will require that the host present a certificate chain
including at least one Subject Public Key Info structure whose
fingerprint matches one of the pinned fingerprints for that host. By
effectively reducing the number of authorities who can authenticate
the domain during the lifetime of the pin, pinning may reduce the
incidence of man-in-the-middle attacks due to compromised
Certification Authorities.
Review and Consensus
Previous versions of this document received useful reviews on the
mailing list. Many changes were introduced due to working group
consensus, including to pin format, an includeSubdomains directive,
and interaction with private trust anchors.
Some changes were proposed and rejected by the working group,
most notably named pins, a "strict" directive, and hard limits on the
max-age directive. The consensus on these involved a long and hard
discussion, but as chairs, Tobias and I believe that it is a regular
rather than rough consensus.
Two issues that were left for last were the interaction of pre-loaded
pins with noted pins, and the processing of report-only pins. There
was a lot of controversy and a lot of back-and-forth about these
issues. We believe that the current drafts represents the working
group's consensus, although at least one participant would have
preferred a different outcome.
Personnel
Yoav Nir is the document shepherd. Barry Leiba is the responsible
Area Director.